Hi, My development website (Drupal 7.15) setup 2 weeks ago. Only View and Chaos Tools Suite Modules installed. I contacted hosting company and they said it's compromised through FTP -what I don't believe (if it's truth I'm really screwed because there is tons of other sites too :( ) I got "Security update" message but, since it's development website, I wasn't rushin' What's chances it's really FTP or something else? No other problems but "new" index page. Though, they could "planted" something?
We too had very noticable attempts 2-3 weeks ago on one of our Drupal 7 sites. If anyone guesses your user name and password your'e stuffed. I had that almost happen. Caught it just in time
We also had our previous Drupal 6 site hacked with some nasty code implanted into the drupal /includes system files. They got in thru the server. The isp is still in denial.
Check your drupal logs/reports to see who has got in and how., regularly clean out the logs so you have fresh access detail.
I suggest, delete everything on site, very difficult if you only have ftp or cpanel. Clean the site, use a new 18-25 character root password using the most convoluted range of ascii characters you can think of. Never type this when logging in as admin-- copy and paste. Never email the user or password to any one in the same email.
Reinstall the full Drupal site and use similarly complex admin password.
BE careful....... Drupal locks out your IP address if you enter the incorrect user name or password, I think it's 5 times but am not sure. It happened to me after 3 times.
Hope this helps Roger
Pl go to drupal support and give your details and report them about hacking better change admin password
On 10/27/12, Roger arelem@bigpond.com wrote:
Hi, My development website (Drupal 7.15) setup 2 weeks ago. Only View and Chaos Tools Suite Modules installed. I contacted hosting company and they said it's compromised through FTP -what I don't believe (if it's truth I'm really screwed because there is tons of other sites too :( ) I got "Security update" message but, since it's development website, I wasn't rushin' What's chances it's really FTP or something else? No other problems but "new" index page. Though, they could "planted" something?
We too had very noticable attempts 2-3 weeks ago on one of our Drupal 7 sites. If anyone guesses your user name and password your'e stuffed. I had that almost happen. Caught it just in time
We also had our previous Drupal 6 site hacked with some nasty code implanted into the drupal /includes system files. They got in thru the server. The isp is still in denial.
Check your drupal logs/reports to see who has got in and how., regularly clean out the logs so you have fresh access detail.
I suggest, delete everything on site, very difficult if you only have ftp or cpanel. Clean the site, use a new 18-25 character root password using the most convoluted range of ascii characters you can think of. Never type this when logging in as admin-- copy and paste. Never email the user or password to any one in the same email.
Reinstall the full Drupal site and use similarly complex admin password.
BE careful....... Drupal locks out your IP address if you enter the incorrect user name or password, I think it's 5 times but am not sure. It happened to me after 3 times.
Hope this helps Roger -- [ Drupal support list | http://lists.drupal.org/ ]
-
ALLAHBAKASH ALLAHBAKASH -
Roger